To begin with, my introduction: I'm Emilio Pinna, IT security researcher, developer, Linux user and open source enthusiast for 15 years. I have a master's degree in Computer Engineering from the Polytechnic University of Turin and I'm currently working as a Penetration Tester in the banking and financial industry.

You can download the software I wrote, read the security advisories I published, and follow this blog's RSS feed to keep up to date with my work. I'll try to publish technical posts, avoiding vague information and personal digressions: I'll spare you these pains by keeping a practical tone.

So, Less Talk More Code.


2016 Aug 02
Sandbox Breakout - A View of the Nunjucks Template Engine » CVE-2014-5073 , advisory , vmturbo , pentesting , security , vulnerability , rce , cgi , command execution
2014 Jul 30
VMTurbo Operations Manager vmtadmin.cgi Remote Command Execution » CVE-2014-5073 , advisory , vmturbo , pentesting , security , vulnerability , rce , cgi , command execution
2013 Oct 13
Breaking Joomla! at Joomladay 2013 » joomla , naples , joomladay2013 , security , vulnerabilities , slides , talk
2013 Sep 16
Moodle 2.5.0-1 badges/external.php PHP Object Injection » CVE-2013-5674 , advisory , moodle , pentesting , security , vulnerability , xss , php , object injection
2013 Aug 05
Joomla core 3.1.5 reflected XSS vulnerability » CVE-2013-5583 , advisory , joomla , pentesting , security , vulnerability , xss
2013 Jul 17
Facebook OAuth token hijacking via repubblica.it XSS » pentesting , security , oauth , xss , vulnerability , repubblica.it , openredirect
2013 Jan 15
Core dump analysis in cross-compiled environments » embedded , gdb , crosscompile , arm , debug , coredump , crash
2012 Sep 02
Alice Gate AGPF: CSRF reconfiguration vulnerability details » advisory , alice , gate , agpf , agpwi , post , discus.conf , openrg , embedded , telecom , details , sblocco
2012 Sep 02
Alice Gate AGPF and AGPWI: CSRF reconfiguration vulnerability » advisory , alice , gate , agpf , agpwi , csrf , discus.conf , openrg , embedded , telecom , sblocco
2012 Jun 22
FCKEditor reflected XSS vulnerability » CVE-2012-4000 , advisory , ckeditor , csrf , fckeditor , pentesting , security , xss
2011 Jun 03
Fastweb Myfastpage authentication control bypass » advisory , fastweb , hacking , javascript , myfastpage , security , vulnerability , xss
2011 May 30
LSB image and audio steganography » C , coding , steganography , tunneling
2011 May 18
Tunneling IP over RTP » encapsulation , IP over RTP , linux , networking , python , rtp , security , sip , steganography , tunneling , voip , vpn
2011 May 12
Kusaba X CSRF XSS vulnerabilities » /b/ , 4chan , advisory , csrf , hacking , security , sql injection , vulnerability , xss
2010 Jul 03
Bash networking tricks » bash , networking , shell , Tricks
2010 Jun 28
Enabler - cisco enable bruteforcer » brute force , C , cisco , coding , hacking , router
2010 Jun 18
Finding the least used packages with unusedpkg » bash , coding , debian , linux , slackware , ubuntu , unusedpkg